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(57) A content access control system comprising: a 
read unit (810) which reads out content (802) and li- 
cense information (801 ) from a medium (800) where the 
content to be provided from an authenticated informa- 
tion provider to a user and the license information re- 
garding access to the content are recorded in correlation 
with each other; a transfer unit (824) which transfers the 
read-out content and license information; a reception 
unit (924) which receives the read-out content and li- 
cense information; and a write unit (910) which gener- 
ates the content and the license Information from the 
read-out content and license information received by the 
reception unit, and writes the generated content and li- 
cense information onto another medium (900); charac- 
terized in that: the transfer unit (824) transfers the read- 
out content (802) and license information (801) as a file; 
the reception unit (924) receives the file; the write unit 
(910) generates the contents and the license informa- 
tion from the file, items of identifying information being 
allocated to two or more of the read unit (810), transfer 
unit (824), reception unit (924) and write unit (910), re- 
spectively; the license information (242) recorded in the 
medium (240) includes two or more blocks of license 
information each of which includes a respective item of 
said Identifying information; the blocks of license Infor- 



mation are subjected to multiple encryption by setting a 
logical product of the identifying information included in 
the blocks of license information; and the system allows 
access to the content (802) only when the decrypted li- 
cense information satisfies the logical product. 
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Description 

[0001] The present invention relates to a content ac- 
cess control system which controls access to content 
provided by an authenticated information provider such 
as a copyright holder. This invention also relates to a 
content access control method/program and a compu- 
ter-readable recording medium where the content ac- 
cess control program is recorded. 
[0002] Under present circumstances where distribu- 
tion of content such as digitized movies and music has 
started in earnest, it is urgently required to realize a 
mechanism to manage copyrights and licenses con- 
cerning this type of content. 

[0003] One can not sell or transfer content such as 
movies or music (that is, material that has a copyright) 
in order to make profit, unless licensed to do so by the 
copyright holder under the provisions of copyright law. 
"Content" here refers to copyrighted works in digital 
form, such as a collection of bit arrays recordable on a 
single piece of recording media, such as documents, still 
images, video, and software programs. 
[0004] This type of content can be distributed to users 
by recording it on one or more recording media. In this 
case, controls for access to the content (henceforth, 
content access control) are provided using license in- 
formation forthe purpose of protection of the copyrights. 
This contents access control is provided in order that 
only an authorized user can get access to the content. 
[0005] As an example of content access control, there 
is one realized by using license information consisting 
of identifying information that identifies each of physical 
elements (that is, system elements such as recording 
media, device) required for accessing the content. This 
license information includes license conditions for ac- 
cess to the content. Such a system has identifying in- 
formation allocated specifically to that system. A user 
gets the license information from a channel different 
from a channel from where he gets the content. The user 
then inputs the license information into the system, and 
sets the recording media, that contains the content, into 
this system. 

[0006] The system determines whetherthe identifying 
information allocated to the system satisfies the license 
conditions included in the license information entered 
by the user. When the information satisfies the license 
conditions, access to the content is allowed. On the oth- 
er hand, when the information does not satisfies the li- 
cense conditions, the access to the content is not al- 
lowed. 

[0007] As explained above, when accessing content 
in a conventional manner, it is required to acquire both 
the recording media that contain the content and the li- 
cense information from different channels, which is ex- 
tremely inconvenient. Further, the recording media and 
the license Information exist separately, which may 
cause either of the two to be lost in the conventional 
system. 



[0008] Further, conventionally, only the license infor- 
mation exists as a single unit. Therefore, unauthorized 
duplication of the license information is possible, and as 
a result, there has been a problem that unauthorized ac- 

5 cess to the content may occur. This is not good from the 
viewpoint of protection of copyright holders. 
[0009] EP-A-0 878 796 discloses a content access 
control apparatus, system and method In which encrypt- 
ed content and encrypted license information of the con- 

10 tent are inseparably recorded on a medium such as a 
DVD. Decoding of the encrypted license information 
may be performed using a secret key present in a de- 
coder unit. 

[0010] EP-A-0 923 076 discloses a data recording ap- 
'5 paratus having an encoder ID specific to the apparatus. 
The encoder ID is recoded on a medium together with 
encoded data so as to prevent reproduction of copied 
data. 

[001 1 ] EP-A-0 71 7 338 discloses a method of protect- 
ee ing copyright in which each copy of a work Is restricted 
to a specific device or set of devices, by giving each 
playback device an identification number and providing 
a licence for unlocking the work which includes that 
identification number. 
25 [0012] Embodiments of this invention can provide a 
content access control system which allows a user to 
easily transfer content and licence information from one 
medium to another while preventing unauthorized ac- 
cess to the content, and also provide a content access 
30 control method/program and a computer-readable re- 
cording medium that contains the content access con- 
trol program. 

[0013] According to one aspect of this invention, there 
is provided a content access control system comprising: 

35 a read unit which reads out content and license infor- 
mation from a medium where the content to be provided 
from an authenticated information provider to a user and 
the license information regarding access to the content 
are recorded in correlation with each other; a transfer 

40 unit which transfers the read-out content and license in- 
formation; a reception unit which receives the read-out 
content and license information; and a write unit which 
generates the content and the license information from 
the read-out content and license information received 

45 by the reception unit, and writes the generated content 
and license information onto another medium; charac- 
terized in that: the transfer unit transfers the read-out 
content and license information as a file; the reception 
unit receives the file; the write unit generates the con- 

50 tents and the license information from the file, items of 
identifying information being allocated to two or more of 
the read unit, transfer unit, reception unit and write unit, 
respectively; the license information recorded in the me- 
dium includes two or more blocks of license Information 

55 each of which includes a respective item of said identi- 
fying information; the blocks of license information are 
subjected to multiple encryption by setting a logical 
product of the Identifying Information included In the 
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blocks of license information; and the system allows ac- 
cess to the content only when the decrypted license In- 
formation satisfies the logical product. 
[001 4] According to a second aspect of this invention, 
there is provided a content access control method com- 
prising the steps of: reading out content and license in- 
formation from a medium where the content to be pro- 
vided from an authenticated information provider to a 
user and the license information regarding access to the 
content are recorded in correlation with each other; 
transferring the read-out content and license informa- 
tion; receiving the read-out content and license informa- 
tion; and generating the received content and the li- 
cense information, and writing the generated content 
and license information onto another medium; charac- 
terized in that the method further comprises the steps 
of: transferring the read-out content and license infor- 
mation as a file; allocating respective items of identifying 
information to physical elements included in a utilization 
unit for carrying out said method; setting the license in- 
formation recorded in the medium so as to include two 
or more blocks of license information allocated to said 
physical elements respectively, wherein the blocks of li- 
cense information include respective items of said iden- 
tifying information allocated to the physical elements; 
performing multiple encryption for the license informa- 
tion by setting a logical product of the identifying infor- 
mation included in the blocks of license information; and 
allowing access to the content only when the decrypted 
license information satisfies the logical product. 
[0015] In an embodiment of the invention, license in- 
formation (information indicating whether access to the 
content is to be allowed or not) and the content are 
stored in one medium in a correlated form. The access 
to the content is controlled based on the license infor- 
mation and identifying information. Therefore, by acquir- 
ing the medium, both the license information and the 
content can concurrently be obtained. Resultantly, the 
content can more easily be utilized as compared to the 
conventional case where the license information and the 
content are acquired from different channels. 
[0016] Further, the access control unit decrypts the 
blocks of license information acquired from the medium, 
and controls access to the content based on these re- 
sults of decryption and the identifying information. Only 
a user who has the right can decrypt all the blocks of 
license information. Therefore, the case where the 
blocks of license information cannot be decrypted indi- 
cates the fact that the corresponding device belongs to 
an unauthorized user. As a consequence, unauthorized 
access to the content can be prevented. 
[0017] Preferably, the content is also encrypted. The 
access control unit decrypts the blocks of license infor- 
mation acquired from the medium, and controls access 
to the content based on these results of decryption and 
the identifying information. Only the user who has the 
right can decrypt all the blocks of license inf omnation and 
the content decryption key. Further, when the access is 



licensed by the access control unit, the utilization unit 
utilizes the content based on the result of decrypting the 
content using the content decryption key. As a conse- 
quence, unauthorized access to the content can be pre- 
5 vented. 

[0018] In one embodiment, the access control unit 
controls access to the content based on the result of de- 
crypting the license information recorded on the secured 
region and the identifying information. Only a user who 

io has the right can decrypt the license information. There- 
fore, the case where the license information cannot be 
decrypted indicates the fact that the corresponding de- 
vice belongs to an unauthorized user. As a conse- 
quence, unauthorized access to the content can be pre- 

*5 vented. 

[001 9] In another embodiment, the physical elements 
of the utilization unit perform mutual authentication 
when a mutual authentication command Is issued. 
When the elements are mutually authenticated, the ac- 
20 cess control unit acquires license information from the 
specific region, and controls access to content based 
on the license information and the identifying informa- 
tion. When the physical elements are not mutually au- 
thenticated, on the other hand, the access is not li- 
25 censed. Thus, the license can be disapproved at the in- 
stant at which it is determined that mutual authentication 
is not obtained. As a consequence, unauthorized ac- 
cess to the content can be prevented. 
[0020] Further, the secured region may be mapped to 
30 the specific region, both of which are effective in secu- 
rity. Therefore, extremely high security can be ensured. 
[0021] The present invention allows content and li- 
cense information to be transferred (copied) from one 
medium to the other. Therefore, the license regarding 
35 the access to the content can be transferred to a third 
party. 

[0022] Although a medium is referred to above, it is 
possible for the content and the license information to 
be distributed over a plurality of media. 
40 [0023] Reference is made, by way of example, to the 
accompanying drawings in which Figures 26 and 27 par- 
ticularly relate to the present invention, the remaining 
Figures being relevant at least as background informa- 
tion. In the Figures: 

45 

Fig. 1 is a block diagram showing a first content ac- 
cess control system useful for understanding this 
invention. 

Fig. 2 is a diagram showing a relationship between 
so the content 141 and the AC 142 shown in Fig. 1 . 

Fig. 3 is an example of the format of the AC 142 
shown in Fig, 1 . 

Fig. 4 is a flow chart showing the operation of the 
system of Fig. 1 . 
55 Fig. 5 is a block diagram showing the configuration 
of a second content access control system. 
Fig. 6 is a diagram showing a relationship between 
the content 241 and the license information 242 



25 



30 
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shown in Fig. 5. 
Fig. 7 shows an example of the format of the AC 
242 shown in Fig. 5. 

Fig. 8A to Fig. 8F show examples of the license in- 
formation 242 shown in Fig. 5. 
Fig. 9 Is a flow chart showing the operation of the 
second content access control system. 
Fig. 1 0 is a block diagram showing the configuration 
of a third content access control system. 
Fig. 11 shows an example of the license according 
to the third content access control system. 
Fig. 12A to Fig. 12F show examples of the license 
information 300 shown in Fig. 10. 
Fig. 13 is a flow chart showing the operation of the 
third content access control system. 
Fig. 1 4 is a block diagram showing the configuration 
of a fourth content access control system. 
Fig. 15 is a diagram showing the data structure of 
the MO media 440 shown in Fig. 14. 
Fig. 1 6 is a flow chart showing the operation of the 
fourth content access control system. 
Fig. 1 7 is a flow chart showing the operation of the 
fourth content access control system. 
Fig. 1 8 is a block diagram showing the configuration 
of the data write device in the fourth content access 
control system. 

Fig. 1 9 is a flow chart showing the operation of the 

data write device shown in Fig 1 8. 

Fig. 20 is a block diagram showing the configuration 

of a fifth content access control system. 

Fig. 21 is a diagram showing the data structure of 

the MO media 540 shown in Fig. 20. 

Fig. 22 is a flow chart showing the operation of the 

fifth content access control system. 

Fig. 23 is a block diagram showing the configuration 

of the formatting device in the fifth content access 

control system. 

Fig. 24 is a flow chart showing the operation of the 

formatting device shown in Fig 23. 

Fig. 25 Is a diagram showing the data structure of 

the MO media 600 in a sixth content access control 

system. 

Fig. 26 is a block diagram showing the configuration 
of the packed data generating device in an embod- 
iment of this invention. 

Fig. 27 is a block diagram showing the configuration 
of the unpacking device in the embodiment. 

[0024] In the following detailed description, content 
such as copyrighted information, software and the like 
is referred to as "contents". 

[0025] Before describing a preferred embodiment of 
the content access control system, method and pro- 
gram, some content access control systems useful for 
understanding the invention will first be explained. 
[0026] Fig. 1 is a block diagram showing a configura- 
tion of a first content access control system useful for 
understanding this invention. A user U operates a com- 
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puter 110. The computer 110 comprises OS (Operating 
System) 111. The OS 111 controls execution of various 
programs in this computer 1 1 0. File system 1 1 2 manag- 
es files handled by the computer 11 0, and controls read/ 

5 write of data. ACM (Access Control Manager) 1 1 3 man- 
ages controls for access between the ACM and each of 
the file system 112, MPEG2 (Moving Picture Experts 
Group 2) playback control section 114, MO (Magneto 
Optic) device 120 (i.e. MO disk drive), and MPEG2 de- 

10 coder 130. 

[0027] The MPEG2 playback control section 114 pro- 
vides controls for supplying data for moving pictures 
(contents) to the MPEG2 decoder 130. In reality, the 
functions of the MPEG2 playback control section 114 

is are realized by executing an MPEG2 playback control 
application program. The MO device 1 20 is provided ex- 
ternally (or internally), and reads out data from a medi- 
um (an MO disc 140 in Fig. 1). 
[0028] Contents 141 and AC (Access Condition: In- 

20 formation representing access approval condition) 142 
are stored on the medium140 in a correlated form. The 
contents 141 are data for MPEG2-format moving pic- 
tures, for example, and are provided by the information 
provider such as the copyright holder. The data format 

2$ of the contents 141 is immaterial so long as the data is 
subject to copyright or a license. The AC 1 42 is license 
information regarding the playback of the contents 141 . 
The playback of the contents 141 is allowed when the 
provided data satisfies the condition of the AC 142. 

30 Whereas, the playback of the contents 141 is not al- 
lowed when the data does not satisfy the conditions of 
the AC 142. 

[0029] The condition of the AC 1 42 consists of a com- 
bination of respective identifying information allocated 

35 to a plurality of target physical elements. This target 
physical element includes any device and media, such 
as MO media, MO device, and MPEG2 device, that are 
required to playback the contents 141. Identifying Infor- 
mation includes MSN (Media Serial Number) and a DSN 

40 (Device Serial Number). It will be assumed here that the 
AC 142 has the MSN of the MO media set to "123", the 
DSN of the MO device set to "456", and the DSN of the 
MPEG2 decoder set to "789". Further, the condition for 
a logical product (AND): MSN (=123) & DSN (=456) & 

45 DSN (=789) is set in the AC 1 42. 

[0030] That Is, according to the AC 1 42, the playback 
of the contents 141 can be licensed oniy when all of 
three conditions are satisfied: the MO media are ones 
to which the MSN (=123) is allocated, the MO device is 

50 one to which the DSN (=456) is allocated, and the 
MPEG2 decoder is one to which the DSN (=789) is al- 
located. Conversely, playback of the contents 141 is not 
allowed when one or two conditions out of the three con- 
ditions are not satisfied. Thus, the AC 142 plays a role 

55 as a license to give approval of playback of the contents 
141 only to an authorized party who can simultaneously 
satisfy the three conditions. 

[0031] The contents 141 and the AC 142 are stored 
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on the MO media 1 40 in a correlated form as shown in 
Fig. 2. The contents 141 of the MO media 140 are di- 
vided into three blocks: contents (1/3) 141 1( contents 
(2/3) 141 2 , and contents (3/3) 141 3 . These contents 
(1/3) 141 1( contents (2/3) 141 2 , contents (3/3) 141 3 are 
stored in regions specified by LBN (Logical Block 
Number)=L, LBN=M, and LBN=N, respectively. 
[0032] Similarly, the AC 142 of the MO media 140 is 
divided into two blocks: AC (1/2) 142 1( and AC (2/2) 
142 2 . These AC (1/2) 142 1 and AC (2/2) 142a are stored 
in regions specified by LBN=X and LBN=Y, respectively. 
[0033] The contents 1 41 and the AC 1 42 are correlat- 
ed with each other via file management data D A1 and 
auxiliary file management data D^. The file manage- 
ment data D A1 is used for managing the contents 1 41 
as the main body of the file and the AC 1 42 as an aux- 
iliary file. This file management data D A1 consists of in- 
formation such as "file name", "date and time of crea- 
tion", — t "link to the auxiliary file management data", 
"link to main body of the file (1/3)", "link to main body of 
the file (2/3)", and "linkage to main body of the file (3/3)". 
[0034] On the other hand, the auxiliary file manage- 
ment data D A2 is used for directly managing the AC 1 42, 
and consists of information such as "auxiliary file name", 
"date and time of creation", "link to AC (1/2)", and 
"link to AC (2/2)". 

[0035] Fig. 3 shows an example of the format of the 
AC 142. In this figure, flag F 4 represents the fact that a 
medium AC: MSN=1 23 does not satisfy the condition for 
logical sum (OR)/logical product (AND). Flag F 5 repre- 
sents the fact that the MO device AC: DSN=456 (see 
Fig. 1 ) does not satisfy the condition for logical sum/log- 
ical product (the slash / represents 'or 4 ). Flag F 3 repre- 
sents the fact that the medium AC: MSN=123 and the 
MO device AC: DSN=456 satisfy the conditions of a log- 
ical sum. In this case, the number of conditions for a 
logical sum is 2. 

[0036] Flag F 6 represents the fact that MP EG2 decod- 
er AC: DSN=789 does not satisfy the condition for log- 
ical sum/logical product. Flag F 2 represents the fact that 
the elements with regard to flag F 3 (MSN=123, 
DSN=456) and the element with regard to flag F 6 
(DSN=789) satisfy the conditions for the logical sum. In 
this case, the number of conditions for the logical sum 
is 2. Formats from the flag F 2 to the flag F 6 are used 
here for the AC 142 shown in Fig. 1 . Thus, flag Fj and 
flag F 7 to flag F 9 shown in Fig. 3 are used for extension. 
[0037] Flag F 8 represents the fact that medium AC: 
MSN=abc does not satisfy the condition for logical sum/ 
logical product. Flag F 9 represents the fact that MO de- 
vice AC: DSN=def does not satisfy the condition for log- 
ical sum/logical product. Flag F 7 represents the fact that 
the element (MSN=abc) with regard to flag F 8 and the 
element (DSN=def) with regard to flag F 9 satisfy the con- 
ditions for logical product. The number of conditions for 
the logical product In this case is 2. Flag F t represents 
the fact that the elements (MSN=123, DSN=456, 
DSN=789) with regard to flag F 2 and the elements 



(MSN=abc, DSN=def) with regard to flag F 7 satisfy the 
conditions for a logical sum. In this case, the number of 
conditions for the logical sum is 2. 
[0038] Referring to Fig. 1, MSN=123 is allocated to 

s the medium 140 as media identifying information. 
DSN =456 is allocated to the MO device 120 as device 
identifying information. A drive 121 drives the medium 
140 so as to rotate the medium at the time of reading 
out the data. AC check section 122 checks whether the 

10 MSN=123 read-out from the medium 140 satisfies the 
condition (in this case, MSN=123) of the AC 142. Simi- 
larly, the AC check section 122 checks whether the 
DSN=456 allocated to the MO device 120 satisfies the 
condition (in this case, DSN=456) of the AC 142. 

is [0039] The MPEG2 decoder 130 decodes the con- 
tents 141 (for example, video data) based on the 
MPEG2 format and plays back the contents 241. 
DSN=789 is allocated to this MPEG2 decoder 130 as 
device identifying information. The AC check section 

20 131 checks whether the DSN=789 satisfies the condi- 
tion (in this case, DSN=789) of the AC 142. 
[0040] MO device 150 is provided separately from 
(may be provided together with) the MO device 1 20 and 
reads out data from a MO disk (medium 160 in Fig. 1). 

25 Drive 151 in this MO device 150 drives the medium 160 
so as to rotate. Further, DSN=def (see Fig. 3) Is allocat- 
ed to the MO device 150 as device identifying informa- 
tion. This DSN=def is different from the DSN=456 allo- 
cated to the MO device 120. MSN=abc is allocated to 

30 the medium 160 as media identifying information. This 
MSN=abc is different from the MSN-123 allocated to 
the medium 140. 

[0041] Operation of the Fig. 1 system will be explained 
below with reference to a flow chart shown In Fig. 4. It 
35 js assumed here that the medium 140 is set in the drive 
121 of the MO device 120. When the user U Instructs 
playback of MPEG2 contents to the MPEG2 playback 
control section 114 at step SA1, at the next step SA2 
the MPEG2 playback control section 114 instructs the 
40 playback of the MPEG2 contents to the ACM 113. 
[0042] Accordingly, at step SA3, the ACM 113 ac- 
quires the AC 1 42 from the medium 1 40 via the file sys- 
tem 112. At step SA4 t the ACM 113 transfers the ac- 
quired AC 142 to the AC check section 122 of the MO 
« device 1 20. At step SA5, the AC check section 1 22 then 
acquires the MSN (=123) from the medium 140. At step 
SA6, the AC check section 1 22 determines whether the 
condition of the AC 142 matches the MSN (=123). 
[0043] Precisely, the AC check section 122 deter- 
so mines whether the contents of the AC 1 42 (in this case, 
medium : MSN=123) shown in Fig. 1 match the MSN 
(= 1 23) acquired from the medium 1 40. Assume that the 
two match. Therefore, the result of determination at step 
SA6 shall be "Yes". 
55 [0044] On the other hand, when the result of determi- 
nation at step SA6 Is "No" .namely when the two do not 
match, the processes in step SA1 7 is performed. At step 
SA1 7, the AC check section 1 22 sends the check result 
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of NG (no match) back to the ACM 113. Accordingly, at 
step SA18, the ACM 113 sends the check result of NG 
back to the MPEG2 playback control section 114, and 
ends the series of processing. This case indicates that 
the condition of the AC 142 (MSN=123) is not satisfied, 
and hence the playback of the contents 141 recorded 
on the medium 140 is not allowed, 
[0045] When the result of determination at step SA6 
is "Yes", at step SA7, the AC check section 1 22 returns 
the AC 142 together with the check result of OK (match) 
obtained at step SA6 to the ACM 113. Accordingly, at 
step SA8, the ACM 113 transfers the AC 142 to the AC 
check section 122. When receiving the AC 142, at step 
SA9, the AC check section 122 acquires DSN (=456) 
from the MO device 120. At step SA10, the AC check 
section 1 22 determines whetherthe condition of the AC 
142 matches the DSN (=456). 

[0046] Precisely, the AC check section 122 deter- 
mines whetherthe contents of the AC 142 (in this case, 
MO device: DSN=456) shown in Fig. 1 match the DSN 
(=456) acquired from the MO device 120. Assume that 
the two match. Therefore, the result of determination at 
step SA10 will be "Yes". 

[0047] On the other hand, when the result of determi- 
nation at step SA10 is "No 8 , the process at step SA17 
is performed. At step SA17, the AC check section 122 
sends the check result of NG back (no match) to the 
ACM 113. Accordingly, at step SA18, the ACM 113 
sends the check result of NG back to the MPEG2 play- 
back control section 114, and ends the series of 
processing. Thus, this case indicates that the conditions 
of the AC 1 42 (MSN= 1 23 & DSN=456) are not satisfied, 
and hence the playback of the contents 141 recorded 
on the medium 140 is not allowed. 
[0048] When the result of determination at step SA1 0 
is "Yes", at step SA11 , the AC check section 1 22 returns 
the AC 142 together with the check result of OK (match) 
obtained at step SA10 to the ACM 113. Accordingly, at 
step SA12,the ACM 11 3 transfers the AC 142 to the AC 
check section 131 of the MPEG2 decoder 130. When 
receiving the AC 142, at step SA13, the AC check sec- 
tion 131 acquires DSN (=789) from the MPEG2 decoder 
130. At step SA14, the AC check section 131 deter- 
mines whether the condition of the AC 1 42 matches the 
DSN (=789). 

[0049] Precisely, the AC check section 131 deter- 
mines whetherthe contents of the AC 142 (in this case, 
MPEG2 decoder: DSN=789) shown In Fig. 1 match the 
DSN (=789) acquired from the MPEG2 decoder 1 30. As- 
sume that the two match. Therefore, the result of deter- 
mination at step SA14 will be "Yes". 
[0050] On the other hand, when the result of determi-. 
nation at step SA14 is "No", the process at step SA17 
is performed. At step SA17, the AC check section 131 
sends the check result of NG (no match) back to the 
ACM 113. Accordingly, at step SA18, the ACM 113 
sends the check result of NG back to the MPEG2 play- 
back control section 114, and ends the series of 



processing. Thus, this case indicates that the conditions 
of the AC 142 (MSN=123 & DSN=456 & DSN=7B9) are 
not satisfied, and hence the playback of the contents 
141 recorded on the medium 140 is not allowed. 

5 [0051 ] When the determination result at step SA1 4 is 
'Yes", at step SA15, the AC check section 131 returns 
the AC 1 42 together with the check result of OK (match) 
obtained at step SA14 to the ACM 113. Accordingly, at 
step SA16, the ACM 113 sends all the check results of 

10 OK obtained at step SA6, step SA10, and step SA14 
back to the MPEG2 playback control section 114, and 
ends the series of processing. Thus, this case indicates 
that all the conditions of the AC 142 recorded on the 
medium 140 are satisfied, and hence retrieval of con- 

'5 tents 141 is allowed. 

[0052] Therefore, the MPEG2 playback control sec- 
tion 1 1 4 reads out the contents 1 41 from the MO media 
1 40 via the drive 121 and the file system 1 1 2, and then 
transfers the contents to the MPEG2 decoder 130. Ac- 

20 cordingly, the contents 141 are decoded and played as 
video by the MPEG2 decoder 130. 
[0053] As explained above, in the above system, the 
AC 142 and the contents 141 are recorded in a corre- 
lated form on one medium 140, and access to the con- 

2S tents 141 is controlled based on the AC 142 and the 
identifying information (MSN=123, and so on). There- 
fore, the AC 142 and the contents 141 can simultane- 
ously be obtained when the medium 140 is acquired. 
Thus, contents can more easily be utilized as compared 

30 to the conventional case where these two are acquired 
through different channels. 

[0054] In the system shown in Fig. 1 , the AC 142 was 
not encrypted. However, higher security may be 
achieved when the AC 142 Is encrypted. This case is 
35 explained below as a second content access control 
system. 

[0055] Fig. 5 is a block diagram showing a configura- 
tion of the content access control system. The user U 
operates the computer 21 0. The computer 21 0 compris- 

40 es OS 211 . The OS 211 controls execution of various 
programs in this computer 210. File system 212 man- 
ages files handled by the computer 210, and controls 
read/write of data. ACM (Access Control Manager) 213 
manages controls for access between the ACM and 

45 each of the file system 212, MPEG2 playback control 
section 214, MO device 220, and MPEG2 decoder 230. 
[0056] The MPEG2 playback control section 214 has 
the same function as that of the MPEG2 playback con- 
trol section 1 1 4 (see Fig. 1 ). The MO device 220 is pro- 

so vided externally (or Internally), and reads out data from 
MO disks (medium 240 in Fig. 5). 
[0057] Contents 241 and license information 242 are 
stored on the medium 240 in a correlated form. The con- 
tents 141 are data for MPEG2-format moving pictures. 

55 The license information 242 is information regarding 
whether the playback of the contents 241 is allowed or 
not. That is, when provided data satisfies the conditions 
of the license information 242 then the playback of the 



11 



EP 1 480 101 A2 



12 



contents 241 is allowed. Whereas, when the data does 
not satisfy the conditions of the license information 242, 
the playback of the contents 241 is not allowed. This 
license information 242 is obtained by performing mul- 
tiple encryption on items of information (MSN=123, 
DSN=456, and DSN=789) by a plurality of encryption 
keys. The detailed data structure of this license informa- 
tion 242 is explained later with reference to Fig. 7. 
[0058] The condition of the license information 242 
consists of a combination of respective identifying infor- 
mation allocated to a plurality of target physical ele- 
ments. This target physical element includes any device 
and media, such as MO disks, MO device, and MPEG2 
device, that are required to play back the contents 241 . 
Identifying information includes MSN (Media Serial 
Number) and DSN (Device Serial Number). Precisely, 
the license information 242 has the MSN of the MO me- 
dia set to "1 23" , the DSN of the MO device set to "456", 
and the DSN of the MPEG2 decoder set to "789". Fur- 
ther, the condition for a logical product (AND): MSN 
(=123) & DSN (=456) & DSN (=789) is set in the license 
information 242. 

[0059] That is, according to the license information 
242, the playback of the contents 241 can be allowed 
only when all of three conditions is satisfied: the MO me- 
dia are ones to which the MSN (=123) is allocated, the 
MO device is one to which the DSN (=456) is allocated, 
and the MPEG2 decoder is one to which the DSN (=789) 
is allocated. Conversely, when one ortwo conditions out 
of the three conditions are not satisfied, access to the 
data ( contents) 241 is not allowed. Thus, the license 
information 242 plays a role as a license to give approval 
of the playback of the contents 241 only to an authorized 
party who can simultaneously satisfy the three condi- 
tions. 

[0060] The contents 241 and the license information 
242 are stored on the MO media 240 in a correlated form 
as shown in Fig. 6 in the same manner as that of Fig. 2. 
The contents 241 of the MO media 240 are divided into 
three blocks: contents (1/3) 241 1( contents (2/3) 241 2 , 
and contents (3/3) 241 3 . These contents (1/3) 241 1( 
contents (2/3) 24 1 2 , contents (3/3) 24 1 3 are stored on 
regions specified by LBN=L, LBN=M, and LBN=N r re- 
spectively, 

[0061 ] Similarly, the license information 242 of the MO 
media 240 is divided into two blocks: license information 
(1/2) 242 v and license information (2/2) 242 2 . These li- 
cense information (1/2) 242 1 and license information 
(2/2) 242 2 are stored on regions specified by LBN=X and 
LBN=Y, respectively. 

[0062] The contents 241 and the license information 
242 are correlated with each other via file management 
data D B1 and auxiliary file management data D B2 . The 
file management data D B1 is used for managing the con- 
tents 241 as the main body of the file and the license 
information 242 as an auxiliary file. This file manage- 
ment data D B1 consists of information such as "file 
name", "link to the main body of file (3/3)". On the 



other hand, the auxiliary file management data D B2 is 
used for directly managing the license information 242, 
and consists of information such as "auxiliary file name", 
.... "link to the license information (1/2)", and "link to the 
5 license information (2/2)". 

fl)063] Referring to Fig. 5, MSN=123 is allocated to 
the MO media 240 as media identifying information. 
Key=abc is also stored on the MO media 240. This 
Key=abc is used for decrypting the MSN=123 from the 
10 license information 242. DSN=456 is allocated to the 
MO device 220 as device identifying information. 
Key=def is also stored in the MO device 220. This 
Key=def is used for decrypting the DSN=456 from the 
license information 242. 
is [0064] A drive 221 drives an MO disk 240 so as to 
rotate the disk at the time of reading out data. A decryp- 
tion section 223 decrypts the MSN=1 23 from the license 
Information 242 using the Key=abc stored on the MO 
disk 240. Further, the decryption section 223 decrypts 
20 the DSN=456 from the license information 242 using the 
Key=def stored in the MO device 220. 
[0065] AC check section 222 checks whether the 
MSN=123 read-out from the MO disk 240 satisfies the 
condition (in this case, MSN=123) of the license infor- 
ms mation 242. The AC check section 222 also checks 
whether the DSN=456 allocated to the MO device 220 
satisfies the condition (in this case, DSN=456) of the li- 
cense information 242. 

[0066] The MPEG2 decoder 230 decodes the con- 
30 tents 241 (data for moving pictures) in accordance with 
the MPEG2 format to reproduce the contents 241. 
DSN=789 is allocated to this MPEG2 decoder 230 as 
device identifying information. A decryption section 232 
decrypts the DSN=789 from the license information 242 
35 using Key=ghi stored in the MPEG2 decoder 230. AC 
check section 231 checks whether the DSN=789 satis- 
fies the condition (in this case, DSN=789) of the license 
information 242. 

[0067] Fig. 7 shows an example of a license (license 

<o information 242) in the above system. MPEG2 decoder 
AC: DSN=789 that corresponds to the MPEG2 decoder 
as the target physical element, is encrypted by the 
Key=ghi. Further, the DSN=789 is the license informa- 
tion for the MPEG2 decoder 230. 

45 [0068] MO device AC: DSN=456 corresponds to the 
MO device as a target physical element. This DSN=456 
and the encrypted DSN=789 are subjected to multiple 
encryption using the Key=def. These DSN=456 and 
DSN=789 subjected to multiple encryption are the li- 

50 cense information for the MO device 220. Further, MO 
media AC: MSN=123 corresponds to the medium as a 
target physical element. This MSN=123 and both of the 
DSN=456 and the DSN=789 subjected to multiple en- 
cryption are further subjected to multiple encryption us- 

55 jng the Key=abc. These MSN=123, DSN=456, and 
DSN=789 subjected to multiple encryption are the li- 
cense information for the medium 240. 
[0069] Operation of the Fig. 5 system will be explained 
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below with reference to a flow chart shown in Fig. 9. It 
is assumed here that an MO disk 240 is set in the drive 
221 of the MO device 220. When the user U instructs 
playback of MPEG2 contents to the MPEG2 playback 
control section 214 at step SB1 as shown in Fig. 9, at 
step SB2, the MPEG2 playback control section 214 in- 
structs the playback of the MPEG2 contents to the ACM 
213. 

[0070] At step SB3, the ACM 213 acquires the en- 
crypted license information 242 shown in Fig. 8A from 
the MO disk 240 via the file system 212. At step SB4, 
the ACM 213 transfers the acquired license information 
242 to the decryption section 223 of the MO device 220. 
Accordingly, at step SB5, the decryption section 223 ac- 
quires a key (=abc=K1) from the medium 240. 
[0071] At step SB6, the decryption section 223 de- 
crypts the license information 242 to that as shown in 
Fig. 8B using the key (=abc=K1). The MSN (=123) is 
decrypted here as shown in Fig. 8B. At step SB7, the 
decryption section 223 transfers the decrypted license 
information 242 to the AC check section 222. 
[0072] At step SBB, the AC check section 222 ac- 
quires an MSN (=123) from the medium 240. At step 
SB9, the AC check section 222 determines whether the 
condition (MSN=123) of the decrypted license informa- 
tion 242 shown in Fig. 8B matches the MSN (=123). As- 
sume that the two match. Therefore, the result of deter- 
mination at step SB9 will be "Yes". 
[0073] On the other hand, when the result of determi- 
nation at step SB9 is "No", the process at step SB26 is 
performed. At step SB26, the AC check section 222 
sends the check result of NG (no match) back to the 
ACM 213. Accordingly, at step SB27, the ACM 213 
sends the check result of NG back to the MPEG2 play- 
back control section 214, and ends the series of 
processing. Thus, this case indicates that the condition 
for the license (MSN=123) based on the license infor- 
mation 242 is not satisfied, and hence disk replay Is pre- 
vented. 

[0074] When the result of determination at step SB9 
is "Yes", at step SB 10, the AC check section 222 returns 
the license information 242 shown in Fig. 8C together 
with the check result of OK obtained at step SB9 to the 
ACM 213. Accordingly, at step SB11, the ACM 213 
transfers the received license information 242 to the de- 
cryption section 223 of the MO device 220. When re- 
ceiving the license information 242, at step SB12, the 
decryption section 223 acquires a key (=def=K2) from 
the MO device 220. 

[0075] At step SB13, the decryption section 223 de- 
crypts the license information 242 to that as shown in 
Fig. 8D using the key (=def=K2). The DSN (=456) Is de- 
crypted here as shown in Fig. 8D. At step SB1 4, the de- 
cryption section 223 transfers the decrypted license in- 
formation 242 to the AC check section 222. 
[0076] At step SB15, the AC check section 222 ac- 
quires a DSN (=456) from the MO device 220. At step 
SB16, the AC check section 222 determines whether 



the condition (DSN=456) of the decrypted license infor- 
mation 242 matches the DSN (=456). Assume that the 
two match. Therefore, the result of determination at step 
SB16will be "Yes". 

5 [0077] On the other hand, when the result of determi- 
nation at step SB16 is "No", the process at step SB26 
is performed. At step SB26, the AC check section 222 
sends the check result of NG back (no match) to the 
ACM 213. Accordingly, at step SB27, the ACM 213 

io sends the check result of NG back to the MPEG2 play- 
back control section 214, and ends the series of 
processing. Thus, this case indicates that the conditions 
for the license (MSN=123 & DSN=456) based on the 
license information 242 are not satisfied, and hence the 
playback of the contents 241 recorded on the medium 
240 is not allowed. 

[0078] When the result of determination at step SB1 6 
is "Yes", at step SB1 7, the AC check section 222 returns 
the license information 242 shown in Fig. 8E together 

20 with the check result of OK (match) obtained at step 
SB1 6 to the ACM 21 3. At step SB1 8, the ACM 21 3 trans- 
fers the license information 242 to the decryption section 
232 of the MPEG2 decoder 230. When receiving the li- 
cense information 242, at step SB19, the decryption 

25 section 232 acquires a key (=ghi=K3) from the MPEG2 
decoder 230. 

[0079] At step SB20, the decryption section 232 de- 
crypts the license information 242 to that as shown in 
Fig. 8F using the key (=ghi=K3). The DSN (=789) is de- 

30 crypted here as shown in Fig. 8 F. At step SB21 , the de- 
cryption section 232 transfers the decrypted license in- 
formation 242 to the AC check section 231 . 
[0080] At step SB22, the AC check section 231 ac- 
quires a DSN (=789) from the MPEG2 decoder 230. At 

35 step SB23, the AC check section 231 determines wheth- 
er the condition (DSN=7B9) of the decrypted license in- 
formation 242 matches the DSN (=789). Assume that 
the two match. Therefore, the result of determination at 
step SB23 will be "Yes". 

40 [0081] On the other hand, when the result of determi- 
nation at step SB23 is "No", the process at step SB26 
is performed. At step SB26, the AC check section 231 
sends the check result of NG back (no match) to the 
ACM 213. At step SB27, the ACM 213 sends the check 

45 result of NG back to the MPEG2 playback control sec- 
tion 214, and ends the series of processing. Thus, this 
case indicates that the conditions for the license 
(MSN=123 & DSN=456 & DSN=789) based on the li- 
cense information 242 are not satisfied, and hence the 

so playback of the contents 241 recorded on the medium 
240 is not allowed. 

[0082] When the result of determination at step SB23 
is "Yes", at step SB24, the AC check section 231 returns 
the check result of OK obtained at step SB23 to the ACM 
55 213. At step SB25, the ACM 213 sends all the check 
results of OK (match) obtained at step SB9, step SB1 6, 
and step SB23 back to the MPEG2 playback control 
section 214, and ends the series of processing. Thus, 
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this case indicates that all the conditions of the license 
information 242 recorded on the medium 240 are satis- 
fied, and hence the playback of the recorded contents 
241 is authorised. 

[0083] The MPEG2 playback control section 214 
reads out the contents 241 from the MO disk 240 via the 
drive 221 and the file system 212, and transfers the con- 
tents 241 to the MPEG2 decoder 230. The MPEG2 de- 
coder 230 decodes the contents 241 and plays the vid- 
eo. 

[0084] As explained above, in the system of Fig. 5, a 
plurality of blocks of license information (MSN=123, 
DSN=456, and so on) are subjected to multiple encryp- 
tion as shown in Fig. 7 to be recorded on the medium 
240. Thus, unauthorized access to the contents 241 can 
be prevented. 

[0085] A case is explained in the above system where 
the contents 241 is not encrypted. However, the con- 
tents 241 may also be encrypted. In this case, a contents 
decryption key to decrypt the encrypted contents 241 
and the license information 242 may be subjected to 
multiple encryption. This case is explained below as a 
third content access control system. 
[0086] Fig. 1 0 is a block diagram showing a configu- 
ration of the third content access control system. Same 
legends are assigned in this figure to the sections that 
are similar to those in Fig. 5. MPEG2 decoder 310 is 
provided here instead of the MPEG2 decoder 230 
shown in Fig. 5. Further, license information 300 is 
stored on the medium 240 instead of the license infor- 
mation 242 shown in Fig. 5. The contents 241 shown in 
Fig. 1 0 is encrypted. These encrypted contents 241 and 
license information 300 are stored on the medium 240 
In a correlated form. 

[0087] The MPEG2 decoder 310 decrypts the en- 
crypted contents 241 (for example, video data) using a 
contents decryption key Kc set by an AC check section 
311, and decodes the result of this decryption to play 
back the contents 241. DSN=789 as device identifying 
information is allocated to this MPEG2 decoder 3 10. A 
decryption section 312 decrypts DSN=789 from the li- 
cense information 300 using the Key=ghi stored in the 
MPEG2 decoder 310. The AC check section 311 checks 
whether the decrypted Information satisfies the condi- 
tion of the license information 300 (in this case, 
DSN=789). 

[0088] Fig. 1 1 shows an example of a license (license 
information 300) In the Fig. 1 0 system. MPEG2 decoder 
AC: DSN=7B9 and contents decryption key Kc corre- 
spond to the MPEG2 decoder as the target physical el- 
ement, respectively, and are encrypted by the Key=ghi. 
This contents decryption key K<. is used for decrypting 
the encrypted contents in the M PEG2 decoder 31 0. Fur- 
ther, the DSN=789 and the contents decryption key Kj. 
are license information for the MPEG2 decoder 310. 
[0089] MO device AC: DSN =45 6 corresponds to the 
MO device as a target physical element. This DSN=456 
and these encrypted DSN=789 and contents decryption 



key Kc are further subjected to multiple encryption using 
the Key=def. These DSN=456, DSN=789, and contents 
decryption key K c subjected to multiple encryption are 
the license Information for the MO device 220. 

5 [0090] MO media AC: MSN=123 corresponds to the 
MO disk as a target physical element. This MSN=123, 
and three of the DSN=456, the DSN=789, and the con- 
tents decryption key K c subjected to multiple encryption 
are further subjected to multiple encryption using the 

10 Key=abc. These MSN=123, DSN=456, DSN=7B9, and 
contents decryption key r^ subjected to multiple encryp- 
tion are the license information for the MO media 240. 
[0091] Operation of the Fig. 10 system will be ex- 
plained below with reference to a flow chart shown in 

'5 Fig. 1 3, In this case, it is assumed that the MO disk 240 
is set in the drive 221 of the MO device 220. When the 
user U instructs playback of MPEG2 contents to the 
MPEG2 playback control section 214 at step SC1 as 
shown in Fig. 13, at step SC2, the MPEG2 playback con- 

20 trol section 214 Instructs the playback of the MPEG2 
contents to the ACM 213. 

[0092] At step SC3, the ACM 213 acquires the en- 
crypted license information 300 shown in Fig. 12Afrom 
the MO disk 240 via the file system 212. At step SC4, 

25 the ACM 213 transfers the acquired license information 
300 to the decryption section 223 of the MO device 220. 
At step SC5, the decryption section 223 acquires a key 
(=abc=K1 ) from the MO disk 240. 
[0093] At step SC6, the decryption section 223 de- 

30 crypts the license information 300 to that as shown in 
Fig. 12B using the key (=abc=K1). The MSN (=123) is 
decrypted here as shown in Fig. 12B. At step SC7, the 
decryption section 223 transfers the decrypted license 
information 300 to the AC check section 222. 

35 [0094] At step SCS, the AC check section 222 ac- 
quires an MSN (=123) from the MO disk 240. At step 
SC9, the AC check section 222 determines whether the 
condition (MSN=123) of the decrypted license informa- 
tion 300 shown in Fig. 12B matches the MSN (=123). 

40 Assume that the two match. Therefore, the result of de- 
termination at step SC9 will be "Yes". 
[0095] On the other hand, when the result of determi- 
nation at step SC9 is "No", the process at step SC27 is 
performed. At step SC27, the AC check section 222 

45 sends the check result of NG (no match) back to the 
ACM 213. Accordingly, at step SC28, the ACM 213 
sends the check result of NG back to the MPEG2 play- 
back control section 214, and ends the series of 
processing. Thus, this case indicates that the condition 

so for the license (MSN=123) based on the license infor- 
mation 300 is not satisfied, and access to the contents 
241 is denied. 

[0096] When the result of determination at step SC9 
is "Yes", at step SC1 0 the AC check section 222 returns 
55 the license information 300 shown in Fig. 12C together 
with the check result of OK obtained at step SC9 to the 
ACM 213. At step SC11 , the ACM 213 transfers the re- 
ceived license Information 300 to the decryption section 
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223 of the MO device 220. When receiving the license 
information 300, at step SC12, the decryption section 
223 acquires a key (=def=K2) from the MO device 220. 
[0097] At step SC13, the decryption section 223 de- 
crypts the license information 300 to that as shown in 5 
Fig. 12D using the key (=def=K2). The DSN (=456) is 
decrypted here as shown in Fig. 12D. At step SC14, the 
decryption section 223 transfers the decrypted license 
information 300 to the AC check section 222, 
[0098] At step SC15, the AC check section 222 ac- 
quires a DSN (=456) from the MO device 220. At step 
SC16, the AC check section 222 determines whether 
the condition (DSN=456) of the decrypted license infor- 
mation 300 matches the DSN (=456). Assume that the 
two match. Therefore, the result of determination at step 
SC16wiil be "Yes". 

[0099] On the other hand, when the result of determi- 
nation at step SC16 is "No", the process at step SC27 
is performed. At step SC27, the AC check section 222 
sends the check result of NG (no match) back to the 
ACM 213. Accordingly, at step SC28, the ACM 213 
sends the check result of NG back to the MPEG2 play- 
back control section 214, and ends the series of 
processing. Thus, this case indicates that the conditions 
for the license (MSN=123 & DSN=456) based on the 
license information 300 are not satisfied, thus the play- 
back of the contents 241 recorded on the medium 240 
is not allowed. 

[0100] When the result of determination at step SC1 6 
is "Yes", at step SC1 7 the AC check section 222 returns 
the license information 300 shown in Fig. 12E together 
with the check result of OK obtained at step SC1 6 to the 
ACM 213. At step SC1 8, the ACM 213 transfers the re- 
ceived license information 300 to the decryption section 
312 of the MPEG2 decoder 310. When receiving the li- 
cense information 300, at step SC19, the decryption 
section 312 acquires a key (=ghi=K3) from the MPEG2 
decoder 310. 

[0101] At step SC20, the decryption section 312 de- 
crypts the license information 300 to that as shown in 
Fig. 12F using the key (=ghi=K3). The DSN (=789) is 
decrypted here as shown in Fig. 1 2F At step SC21 , the 
decryption section 312 transfers the decrypted license 
information 300 to the AC check section 311. 
[0102] Accordingly, at step SC22, the AC check sec- 
tion 311 acquires a DSN (=789) from the MPEG2 de- 
coder 310. At step SC23, the AC check section 311 de- 
termines whether the condition (DSN=789) of the de- 
crypted license information 300 matches the DSN 
(=789). Assume that the two match. Therefore, the re- 
sult of determination at step SC23 will be "Yes". 
[01 03] On the other hand, when the result of determi- 
nation at step SC23 is "No", the process at step SC27 
is performed. At step SC27, the AC check section 31 1 
sends the check result of NG (no match) back to the 
ACM 213. At step SC28, the ACM 213 sends the check 
result of NG back to the MPEG2 playback control sec- 
tion 214, and ends the series of processing. Thus, this 
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case indicates that the conditions for the license 
(MSN=123 & DSN=456 & DSN=789) based on the li- 
cense information 300 are not satisfied, and access to 
the information recorded on the disk 240 is not allowed. 
[0104] When the result of determination at step SC23 
is "Yes", at step SC24, the AC check section 311 sets a 
contents decryption key Kc in the MPEG2 decoder 310. 
At step SC25, the AC check section 3 1 1 sends the check 
result of OK (match) obtained at step SC23 back to the 
ACM 213. At step SC26, the ACM 213 sends all the 
check results of OK obtained at step SC9, step SC1 6, 
and step SC23 back to the MPEG2 playback control 
section 214, and ends the series of processing. Thus, 
this case indicates that all the conditions of the license 
information 300 recorded on the medium 240 are satis- 
fied, and hence the playback of the disk 240 is allowed. 
[0105] The MPEG2 playback control section 214 
reads out the encrypted contents 241 from the MO me- 
dia 240 via the drive 221 and the file system 212, and 
transfers the contents 241 to the MPEG2 decoder 31 0. 
Thus, the MPEG2 decoder 310 decrypts the contents 
241 using the contents decryption key ^ set at step 
SC24 decodes and plays the moving pictures. 
[0106] As explained above, in the system of Fig. 10, 
in addition to the plurality of blocked license information 
(MSN=123, DSN=456, and so on), the contents decryp- 
tion key Kf. to decrypt the contents 241 is subjected to 
multiple encryption as shown in Fig. 11 to be recorded 
on the medium 240. Thus, unauthorized access to the 
contents 241 can more effectively be prevented. 
[0107] A case is explained in the Fig. 10 system where 
the file system 212 shown in Fig. 10 unconditionally 
reads out license information from the MO media 240. 
However, for the purpose of achieving higher security, 
the system may be configured so that encrypted license 
information is stored on a secured region (encrypted re- 
gion) of the medium 240 and only the file system, that 
can decrypt this encrypted license information, can read 
out the license information. This case is explained below 
as a fourth content access control system. 
[0108] Fig. 14 is a block diagram showing a configu- 
ration of the content access control system. Same leg- 
ends are assigned in this figure to the sections that are 
similar to those in Fig. 10. As shown in Fig. 14, medium 
440 and computer 400 are .provided instead of the me- 
dium 240 and the computer 21 0 shown in Fig 1 0. 
[0109] The medium 440 shown in Fig. 14 has a non- 
secured region A 1 where encrypted contents 441 Is 
stored and a secured region A 2 where encrypted license 
information 442 Is stored as shown in detail in Fig. 15. 
The non-secured region A 1 is a user region to which ac- 
cess can be made using any ordinary file system. 
Whereas, the secured region Ag is a region to which ac- 
cess can not be made by the ordinary file system, name- 
ly, to which only a file system 410 having a decryption 
unit 411 shown in Fig, 14 can get access. 
[0110] The license information 442 shown in Fig. 15 
is obtained by encrypting the license information 300 
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(see Fig. 10 and Fig. 11). Therefore, the MSN=123,the 
DSN-456, the DSN=789, and the contents decryption 
key Kg shown in Fig. 1 1 are included in the license in- 
formation 442. Further, the license information 442 is 
managed by auxiliary file management data D C2 as 5 
shown in Fig. 15. 

[01 1 1 J On the other hand, file management data D C1 
in the non-secured region A 1 is data for managing the 
contents 441 and also for managing indirectly the li- 
cense information 442 via auxiliary file management da- io 
ta D^. Thus, the contents 441 and the license informa- 
tion 442 are correlated with each other via the file man- 
agement data D C1 and the auxiliary file management 
data on the medium 440. Referring to Fig. 14, the 
file system 41 0 of the computer 400 reads out the li- '5 
cense information 442, the contents 441 , the Key=abc, 
and MSN=123 from the MO disk 440, respectively. The 
decryption unit 41 1 decrypts the encrypted license infor- 
mation 442. 

[0112] Operation of the Fig. 14 system will be ex- 20 
plained below with reference to flow charts shown in Fig. 
1 6 and Fig. 1 7. It is assumed here that an MO disk 440 
is set in the drive 221 of the MO device 220. When the 
user U instructs playback of MPEG2 contents to the 
MPEG2 playback control section 214 at step SD1 as 25 
shown in Fig. 16, at step SD2, the MPEG2 playback con- 
trol section 214 instructs retrieval of the MPEG2 data to 
the ACM 213. 

[01 1 3] At step SD3, the file system 41 0 accesses the 
secured region A 2 of the medium 440 to acquire the en- 30 
crypted license information 442, and then transfers the 
information to the decryption unit 411 . At step SD4, the 
decryption unit 41 1 decrypts the encrypted license infor- 
mation 442 using a specified key. At step SD5, the de- 
cryption unit 411 transfers the decrypted license infor- 35 
mation 442 to the ACM 213. 

[0114] At step SD6 shown in Fig. 17, the ACM 213 
transfers the decrypted license information 442 to the 
decryption section 223 of the MO device 220. At step 
SD7, the decryption section 223 acquires a key *o 
(=abc=K1 (see Fig. 12A) from the MO media 440, and 
proceeds to step SD8. At step SD8, the decryption sec- 
tion 223 decrypts the license information 442 to that as 
shown in Fig. 1 2B using the key (=abc). The MSN (=1 23) 
is decrypted here as shown in Fig. 12B. At step SD9, 45 
the decryption section 223 transfers the decrypted li- 
cense information 442 to the AC check section 222. 
[0115] At step SD10, the AC check section 222 ac- 
quires an MSN (=123) from the MO disk 440. At step 
SD11, the AC check section 222 determines whether 50 
the condition (MSN=123) of the decrypted license infor- 
mation 442 shown in Fig. 12B matches the MSN (=123). 
Assume that the two match. Therefore, the result of de- 
termination at step SD11 will be "Yes". 
[01 1 6] On the other hand, when the result of determi- ss 
nation at step SD11 is "No", the process at step SD29 
is performed. At step SD29, the AC check section 222 
sends the check result of NG (no match) back to the 
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ACM 213. Accordingly, at step SD30, the ACM 213 
sends the check result of NG back to the MPEG2 play- 
back control section 214, and ends the series of 
processing. Thus, this case Indicates that the condition 
for the license (MSN=123) based on the license infor- 
mation 442 is not satisfied, and hence access to the data 
441 on the disk is prohibited. 
[0117] When the result of determination at step SD11 
is "Yes", at step SD1 2, the AC check section 222 returns 
the license information 442 (see Fig. 12C) together with 
the check result of OK obtained at step SD1 1 to the ACM 
213. Accordingly, at step SD13, the ACM 213 transfers 
the received license .information 442 to the decryption 
section 223 of the MO device 220. When receiving the 
license information 442, at step SDH, the decryption 
section 223 acquires a key (=def=K2) from the MO de- 
vice 220. 

[0118] At step SD15, the decryption section 223 de- 
crypts the license information 442 to that as shown in 
Fig. 12D using the key (=def=K2). The DSN (=456) is 
decrypted here as shown in Fig. 1 2D. At step SD1 6, the 
decryption section 223 transfers the decrypted license 
information 442 to the AC check section 222. 
[0119] At step SD17, the AC check section 222 ac- 
quires a DSN (=456) from the MO device 220. At step 
SD18, the AC check section 222 determines whether 
the condition (DSN=456) of the decrypted license infor- 
mation 442 matches the DSN (=456). Assume that the 
two match. Therefore, the result of determination at step 
SD1B will be "Yes". 

[01 20] On the other hand, when the result of determi- 
nation at step SD18 is "No", the process at step SD29 
is performed. At step SD29, the AC check section 222 
sends the check result of NG (no match) back to the 
ACM 213. Accordingly, at step SD30, the ACM 213 
sends the check result of NG back to the MPEG2 play- 
back control section 214, and ends the series of 
processing. Thus, this case indicates that the conditions 
for the license (MSN=123 & DSN=456) based on the 
license information 442 are not satisfied, and hence play 
back is prohibited. 

[0121] When the result of determination at step SD18 
is "Yes", at step SD19, the AC check section 222 returns 
the license information 442 shown in Fig. 12E together 
with the check result of OK obtained at step SD1 8 to the 
ACM 213. At step SD20, the ACM 213 transfers the re- 
ceived license information 442 to the decryption section 
312 of the MPEG2 decoder 310. When receiving the li- 
cense information 442, at step SD21, the decryption 
section 312 acquires a key (=ghi=K3) from the MPEG2 
decoder 310. 

[0122] At step SD22, the decryption section 312 de- 
crypts the license information 442 to that as shown in 
Fig. 12F using the key (=ghi=K3). The DSN (=789) is 
decrypted here as shown in Fig. 1 2 F. At step SD23, the 
decryption section 312 transfers the decrypted license 
information 442 to the AC check section 311 . 
[0123] At step SD24, the AC check section 311 ac- 
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quires a DSN (=789) from the MPEG2 decoder 310. At 
step SD25, the AC check section 311 determines wheth- 
er the condition (DSN=789) of the decrypted license in- 
formation 442 matches the DSN (=789). Assume that 
the two match. Therefore, the result of determination at 
step SD25 will be "Yes". 

[0124] On the other hand, when the result of determi- 
nation at step SD25 is "No", the process at step SD29 
is performed. At step SD29, the AC check section 31 1 
sends the check result of NG (no match) back to the 
ACM 213. Accordingly, at step SD30, the ACM 213 
sends the check result of NG back to the MPEG2 play- 
back control section 214, and ends the series of 
processing. Thus, this case indicates that the conditions 
for the license (MSN=123 & DSN=456 & DSN=789) 
based on the license information 442 are not satisfied, 
and reading is prohibited. 

[01 25] When the result of determination at step SD25 
is "Yes", at step SD26 the AC check section 311 sets a 
contents decryption key in the MPEG2 decoder 310. 
At step SD27, the AC check section 311 sends the check 
result of OK (match) obtained at step SD25 back to the 
ACM 213. Accordingly, at step SD28, the ACM 213 
sends all the check results of OK obtained at step SD 1 1 , 
step SD1 8, and step SD25 backto the MPEG2 playback 
control section 214, and ends the series of processing. 
Thus, this case indicates that all the conditions of the 
license information 442 recorded on the medium 440 
are satisfied, and hence the output of data from the me- 
dium is permitted. 

[0126] The MPEG2 playback control section 214 
reads out the encrypted contents 441 from the medium 
440 via the drive 221 and the file system 410, and trans- 
fers the read-out contents 441 to the MPEG2 decoder 
310. Thus, the contents 441 decrypted by the contents 
decryption key K c set at step SD26 are decoded to the 
moving pictures in the MPEG2 decoder 310. 
[0127] A data write device that writes the license in- 
formation 442 shown in Fig. 14 on the medium 440 
where the contents 441, the Key=abc, and the 
MSN=123 have already been stored is explained below 
with reference to Fig. 18. The license information 442 is 
not stored on the medium 440. A computer 460 in Fig. 
1 8 is a device which is installed in a station (for example, 
railway station or bus station) or in a convenience store, 
or some similar places, and through which license infor- 
mation is purchased. A license-information purchase 
application program 461 for purchasing license informa- 
tion is started up in this computer 460. OS 462 controls 
the license-information purchase application program 
461. 

[01 28] A file system 463 manages files handled in the 
computer 460 and controls read/write of data. An en- 
cryption unit 464 encrypts data to be written onto an MO 
disk 440. A license server 450 is placed in the side of 
contents provider, and it is connected to the computer 
460 via a network N. This license server 450 sells the 
license information. MO device 470 is provided to the 
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computer 460 externally (or internally), and writes data 
onto MO media (MO disks 440 in Fig. 18). This MO de- 
vice 470 has a drive 471 to drive the MO media. 
[0129] Operation of the data write unit shown in Fig. 

s 1 8 will be explained below with reference to Fig. 1 9. At 
step SE1 shown in Fig. 19, the user U instructs to pur- 
chase license information 442 by entering parameters 
such as a file name (e.g., title of the song) and a server 
name using a not shown input device. Accordingly, at 

10 step SE2, the license-information purchase application 
program 461 purchases (acquires) the license informa- 
tion 442 from the license server 450 via the network N. 
[0130] At step SE3, the license-information purchase 
application program 461 transfers the license informa- 

'5 tion 442 to the file system 463. At step SE4, the encryp- 
tion unit 464 of the file system 463 encrypts the license 
information 442 using a predetermined key. At step SE5, 
the file system 463 stores the encrypted license infor- 
mation 442 on the secured region A 2 (see Fig. 15) of the 

20 MO disk 440 through the MO device 470. 

[0131] As explained above, according to the Fig. 14 
system, the encrypted license information 442 is record- 
ed on the secured region A2 of the medium 440 as 
shown in Fig. 15. Therefore, unauthorized access to the 

25 contents 441 can be prevented. 

[0132] Fig. 20 is a block diagram showing a configu- 
ration of a fifth content access control system. Same leg- 
ends are assigned in this figure to the sections that are 
similar to those in Fig. 10. A disk 540, computer 500, 

30 and MO device 520 are provided instead of the MO disk 
240, the computer 210, and the MO device 220 shown 
in Fig. 10. 

[0133] The medium 540 shown in Fig. 20 has an or- 
dinary region B t , a specific region B 2 , and a media man- 

35 agement region B 3 as shown in detail in Fig 21 . The or- 
dinary region B 1 stores data (contents) 541 and this or- 
dinary region B t extends from PSN (Physical Sector 
Number)=M+1 to PSN=N. The specific region B 2 is 
where access can be made only when a mutual authen- 

40 tication command (specific command) explained later Is 
issued and the license information 542 shown in Fig. 20 
is stored. This license information 542 has the same da- 
ta structure as that of license information 300. This spe- 
cific region B 2 extends from PSN=L to PSN=M. 

45 [0134] The media management region B 3 is where a 
media management table T, that defines ranges of the 
ordinary region and the specific region B 2 on the me- 
dium 540, is stored. Start PSNs (header number of each 
of the physical sector numbers) of the ordinary region 

so B 1 and the specific region B 2 are defined in this media 
management table T Further, end PSNs (end number 
of each of the physical sector numbers) of the ordinary 
region B, and the specific region B 2 are also defined in 
the table T. This media management region B 3 extends 

55 from PSN=1 to PSN=L. 

[0135] Referring to Fig. 20, Key=abc and MSN=123, 
in addition to the contents 541 and the license informa- 
tion 542, are stored on the medium 540 in the same 
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manner as that of the medium 240 (see Fig. 10). A file 
system 510 in the computer 500 manages files handled 
by the computer 500 and controls read/write of data. A 
mutual authentication module 51 1 holds secret informa- 
tion (henceforth, computer-side secret information) 5 
common to secret information (henceforth, MO device- 
side secret information) held by a mutual authentication 
module 521 of the MO device 520. 
[0136] The mutual authentication module 511 per- 
forms mutual authentication with the mutual authentica- 10 
tion module 521 when the mutual authentication com- 
mand is issued. That is, the mutual authentication mod- 
ule 511 transmits computer-side secret information to 
the mutual authentication module 521, and performs 
mutual authentication depending on whether the MO 15 
device-side secret information from the mutual authen- 
tication module 521 matches the computer-side secret 
information held by the module 511 . The file system 510 
can read out the license information 542 from the spe- 
cific region B 2 of the medium 540 only when these two 20 
modules are mutually authenticated. 
[01 37] Referring to the MO device 520, the mutual au- 
thentication module 521 holds, as explained above, the 
MO device-side secret information common to the com- 
puter-side secret inf ormation held by the mutual authen- 25 
tication module 51 1 of the file system 5 1 0. When receiv- 
ing the computer-side secret information from the mu- 
tual authentication module 511 , the mutual authentica- 
tion module 521 transmits the MO device-side secret in- 
formation held by the module 521 to the mutual authen- 30 
tication module 511 . Further, the mutual authentication 
module 521 performs mutual authentication depending 
on whether the computer-side secret information from 
the mutual authentication module 511 matches the MO 
device-side secret information held by the module 521 . 35 
[0138] Operation of the above system will be ex- 
plained below with reference to flow charts shown in Fig. 
22 and Fig. 13. It is assumed here that the medium 540 
is set in the drive 221 of the MO device 520 shown in 
Fig. 20. When the user U instructs playback of MPEG2 *o 
contents to the MPEG2 playback control section 214 at 
step SF1 shown in Fig. 22, at the next step SF2 the 
MPEG2 playback control section 214 instructs the play- 
back of the MPEG2 contents to the ACM 213. 
[0139] At step SF3, a mutual authentication command 
is issued from the ACM 213 to the file system 510, and 
mutual authentication is performed between the mutual 
authentication module 511 and the mutual authentica- 
tion module 521 . In other words, the mutual authentica- 
tion module 511 of the file system 510 transmits the so 
computer-side secret information to the mutual authen- 
tication module 521 of the MO device 520. When this 
computer-side secret information is received, the mutu- 
al authentication module 521 transmits the MO device- 
side secret information to the mutual authentication 55 
module 511. 

[0140] The mutual authentication module 521 then 
determines whether the received computer-side secret 
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information matches the MO device-side secret infor- 
mation held by the module 521 , and transfers the result 
of the determination to the mutual authentication mod- 
ule 51 1 . On the other hand, when receiving the MO de- 
vice-side secret information from the mutual authentica- 
tion module 521 , the mutual authentication module 511 
then determines whether the received MO device-side 
secret information matches the computer-side secret in- 
formation held by the module 511 . 
[0141] At step SF4, the file system 510 determines 
whether mutual authentication has been obtained 
based on both of the result of determination on the mu- 
tual authentication in the mutual authentication module 
511 and the result of determination on the mutual au- 
thentication in the mutual authentication module 521. 
When respective results of the determination indicate 
"match", the file system 510 transfers the result of mu- 
tual authentication of OK to the ACM 213, and deter- 
mines that the result of determination at step SF4 is 
"Yes". 

[0142] Accordingly, at step SC3 shown in Fig. 13, the 
ACM 213 acquires the license information 542 from the 
specific region B 2 of the medium 540 via the file system 
510. From then on, the processing from step SC4 to step 
SC28 is executed in the same manner as that of the Fig. 
1 0 system. It is assumed in the Fig. 20 system that the 
MO disk 540, the license information 542, the contents 
541, the file system 510, and the MO device 520 are 
substituted for the MO djsk 240, the license information 
300, the contents 241 , the file system 21 2, and the MO 
device 220, respectively. 

[0143] On the other hand, at step SF4 shown in Fig. 
22, when both of the result of the determination on mu- 
tual authentication in the mutual authentication module 
511 and the result of the determination on mutual au- 
thentication in the mutual authentication module 521 in- 
dicate "no match' 1 , the file system 510 determines that 
the result of determination is "No", and proceeds to step 
SC27 shown in Fig. 13. At step SC27, the file system 
51 0 transfers the mutual authentication result of NG (no 
match) to the ACM 213. In this case, mutual authenti- 
cation is not obtained, therefore, there is no possibility 
that the license information 542 is read out from the spe- 
cific region B 2 of the medium 540 shown in Fig. 20. 
[0144] A formatting device that sets an ordinary re- 
gion B t and a specific region B 2 of the medium 540 
shown in Fig. 20 is explained below with reference to 
Fig. 23. Computer 560 shown in this figure physically 
formats the medium 540. A formatter 561 provides con- 
trols for a physical format of the medium 540. OS 562 
controls various types of application programs. A device 
driver 563 drives an MO device 570. The MO device 570 
is provided to the computer 560 externally (or internally). 
This MO device 570 has a drive 571 that drives MO disks 
and performs physical formatting. 
[0145] Operation of the formatting device shown in 
Fig. 23 will be explained below with reference to Fig. 24. 
At step SG1 , the user U instructs formatting of the me- 
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dium 540 by specifying the size of the secured region 
(specific region B 2 ) using a not shown input device. Ac- 
cordingly, at step SG2, the formatter 561 instructs phys- 
ical formatting to a physical formatting section 572 via 
the device driver 563. At step SG3, the physical format- 
ting section 572 then executes physical formatting of the 
MO disk 540. Thus, an ordinary region and a specific 
region B 2 are formed. 

[0146] As explained above, according to the system 
of Fig. 20, the license information 542 is recorded on the 
specific region B 2 of the MO disk 540 shown in Fig. 21 . 
The license information 542 is then acquired from the 
specific region B 2 only when respective mutual authen- 
tication is obtained in both of the mutual authentication 
module 511 and the mutual authentication module 521 . 
Therefore, the license can be disapproved at the instant 
at which it is determined that mutual authentication is 
not obtained. Thus, unauthorized access to thecontents 
541 can be prevented. 

[0147] A case Is explained in the Fig. 14 system where 
the medium 440 has the non-secured region A n and the 
secured region A2 as shown in Fig. 15. Further, a case 
is explained in the Fig. 20 system where the medium 
540 has the ordinary region B 1 and the specific region 
B 2 as shown in Fig. 21. A combination of the Fig. 14 
system (non-secured region A-j and secured region A2) 
with the Fig. 20 system (ordinary region B, and specific 
region B 2 ) is explained below. 

[0148] A disk 600 shown in Fig. 25 is used in this sys- 
tem, it has the ordinary region B 1 (see Fig. 21) and the 
non-secured region A 1 (see Fig. 15) mapped with each 
other, and also has the specific region B 2 (see Fig. 21) 
and the secured region A 2 (see Fig. 15) mapped with 
each other. Further, the ordinary region B 1 
(corresponding to the non-secured region A.,) stores 
the contents 441 and the file management data D C1 that 
manages the contents. Whereas, the specific region B 2 
(corresponding to the secured region A 2 ) stores the li- 
cense information 442 and the file management data 
D C2 that manages the license information. 
[0149] As explained above, in the system of Fig. 25, 
the secured region A 2 is mapped to the specific region 
B 2 , both of which are effective in security. Thus, ex- 
tremely high security can be ensured. 
[01 50] The contents and the license information (AC) 
stored on a medium in the above systems may be trans- 
ferred to another medium. This is the subject of the 
present invention. Fig. 26 is a block diagram showing a 
configuration of a packed data generating device ac- 
cording to an embodiment of this invention. Fig. 27 is a 
block diagram showing a configuration of an unpacking 
device according to the embodiment of this invention. 
[0151] These packed data generating device (see 
Fig. 26) and unpacking device (see Fig. 27) are connect- 
ed to each other via a not shown cable or a network. 
The packed data generating device shown in Fig. 26 
transfers license information 801 and encrypted con- 
tents 602, that are stored on a disk 800, as a grouping 



of data (packed data 830) to the unpacking device (see 
Fig. 27). 

[01 52] The license information 801 stored on the disk 
800 is the license information (AC) according any of the 

5 above systems. This license information 801 includes 
MSN and keys. The encrypted content 802 is content 
that is encrypted. A computer 820 is installed in the 
transmission side. OS 821 controls execution of various 
types of application programs. A file system 822 man- 

10 ages files handled by the computer 820 and controls 
read/write of data. 

[01 53] A packing section 823 generates a file (packed 
data 830) from the license information 801 and the en- 
crypted contents 802. A transfer section 824 transfers 

15 the packed data 830 to the unpacking device (see Fig. 
27). MO device 81 0 is provided to the computer 820 ex- 
ternally (or internally), and reads out the license infor- 
mation 801 and the encrypted contents 802 from the 
disk (medium 800 in Fig. 26). This MO device 810 has 

20 a drive 811. 

[0154] On the other hand, in Fig. 27, computer 920 is 
installed in the reception side. OS 921 controls execu- 
tion of various types of application programs. A file sys- 
tem 922 manages files handled by the computer 920 

25 and controls read/write of data. A reception section 924 
receives the packed data 830 transferred from the 
packed data generating device (see Fig. 26). An un- 
packing section 923 generates two files (license infor- 
mation 801 and encrypted contents 802) from the 

30 packed data 830. MO device 910 is installed to the com- 
puter 920 externally (or internally), and writes the li- 
cense information 801 and the encrypted contents 802 
onto a disk (medium 900 in Fig. 27) via a drive 911 . 
[0155] Based on this configuration, when the license 

35 information 801 and the encrypted contents 802 are 
read out from the medium 800 shown in Fig. 26, the 
packing section 823 generates a file (packed data 830) 
from these license information 801 and encrypted con- 
tents 802 and transfers the file to the transfer section 

40 824. Accordingly, the transfer section 824 transfers the 
packed data 830 to the unpacking device shown in Fig. 
27 via the cable or the network. 
[0156] When the packed data 830 is received by the 
reception section 924 shown in Fig. 27, the unpacking 

45 section 923 generates the license information 801 and 
the encrypted contents 802 from the packed data B30. 
Thus, the license information 801 and the encrypted 
contents 802 are written onto the MO disk 900. In the 
present invention, the license information 801 and the 

so encrypted contents 802 can be transferred (copied) 
from one disk 800 to another 900 in the manner as ex- 
plained above. Thus, the license regarding the playback 
of contents can easily be transferred. 
[0157] As explained above, according to the present 

55 invention, the encrypted contents 802 and the license 
information 801 are transferred (copied) between me- 
dia. Thus, the license allowing replay of the contents 801 
can be transferred to a third party. 
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[0158] For example, in the present invention, access 
to contents may be controlled by recording a contents 
access control program, that realizes functions of the 
access control system, on a computer-readable record- 
ing medium, and making the computer read and execute 
the contents access control program recorded on the 
recording medium. The recording medium includes not 
only any transportable type of recording medium such 
as an optical disk, a floppy disk, or a hard disk, but also 
any transport media such as a network that temporarily 
records and holds data. 

[01 59] As explained above.in a control access control 
system, license information and contents are correlated 
with each other and recorded on one medium, and ac- 
cess to the contents is controlled based on the license 
information and the identifying information. Therefore, 
by acquiring the medium, both of the license information 
and the contents can concurrently be obtained. Result- 
antly, the system has such an advantageous effect that 
the contents can more easily be utilized as compared to 
the conventional case where the license information and 
the contents are separately acquired. 
[01 60] Further, a plurality of blocks of license informa- 
tion are subjected to multiple encryption and recorded 
on the medium. Ftesultantiy, the invention has such an 
advantageous effect that unauthorized access to con- 
tents can be prevented. 

[0161] Further, in addition to the plural blocks of li- 
cense information, the contents decryption key to de- 
crypt the contents may be multiply-encrypted and re- 
corded on a medium. 

[0162] Resultantly, the system has such an advanta- 
geous effect that unauthorized access to contents can 
more effectively be prevented. 
[0163] Further, encrypted license information can be 
recorded on the secured region of a medium. This 
measure has such an advantageous effect that unau- 
thorized access to contents can be prevented. 
[0164] Further, license information can be recorded 
on the secured region such that only when two physical 
elements are mutually authenticated, the license infor- 
mation is acquired from the specific region. Therefore, 
the license can be disapproved at the instant at which it 
is determined that mutual authentication is not obtained. 
There is thus provided an advantageous effect that un- 
authorized access to contents can be prevented. 
[0165] Further, the secured region may be mapped to 
the specific region, both of which are effective in secu- 
rity. Resultantly, there is provided an advantageous ef- 
fect that extremely high security can be ensured. 
[0166] Further, the contents and the license informa- 
tion can be transferred (copied) from one medium to an- 
other. 

Resultantly, the invention has such an advantageous ef- 
fect that the license regarding access to contents can 
be transferred to a third party. 
[0167] Although the invention has been described 
with respect to a specific embodiment for a complete 
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and clear disclosure, the appended claims are not to be 
thus limited but are to be construed as embodying all 
modifications and alternative constructions that may oc- 
cur to one skilled in the art which fairly fall within the 
5 basic teaching herein set forth. 



Claims 



a read unit (81 0) which reads out content (802) 
and license information (801) from a medium 
(800) where the content to be provided from an 
authenticated information provider to a user 
and the license information regarding access to 
the content are recorded in correlation with 
each other; 

a transfer unit (824) which transfers the read- 
out content and license information; 
a reception unit (924) which receives the read- 
out content and license information; and 
a write unit (910) which generates the content 
and the license information from the read-out 
content and license information received by the 
reception unit, and writes the generated con- 
tent and license information onto.another me- 
dium (900); characterized In that: 

the transfer unit (824) transfers the read- 
out content (802) and license information 

(801) as a file; 

the reception unit (924) receives the file; 
the write unit (91 0) generates the contents 
and the license information from the file, 
items of identifying information being allo- 
cated to two or more of the read unit (810), 
transfer unit (824), reception unit (924) and 
write unit (910), respectively; 
the license information (242) recorded in 
the medium (240) includes two or more 
blocks of license information each of which 
includes a respective item of said identify- 
ing information; 

the blocks of license information are sub- 
jected to multiple encryption by setting a 
logical product of the identifying informa- 
tion included in the blocks of license infor- 
mation; and 

the system allows access to the content 

(802) only when the decrypted license in- 
formation satisfies the logical product. 

2. A content access control method comprising the 
steps of: 

reading out content (241 , 441 , 541 ) and license 
information (242, 300, 442, 542) from a medium 
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(240, 440, 540) where the content to be provid- 
ed from an authenticated information provider 
to a user and the license information regarding 
access to the content are recorded in correla- 
tion with each other, 5 
transferring the read-out content (241, 441, 

541) and license information (242, 300, 442, 

542) ; 

receiving the read-out content and license in- 
formation; and '0 
generating the received content (241 , 441 , 541 ) 
and the license information (242, 300, 442, 
542), and writing the generated content and li- 
cense information onto another medium (900); 

15 

characterized In that the method further 
comprises the steps of: 

transferring the read-out content (241, 441, 
541 ) and license information (242, 442, 542) as 20 
a file; 

allocating respective items of identifying infor- 
mation to physical elements (220, 230, 240) in- 
cluded in a utilization unit for carrying out said 
method; 25 
setting the license information recorded in the 
medium (240, 440, 540) so as to include two or 
more blocks of license information allocated to 
said physical elements (220, 230, 240) respec- 
tively, wherein the blocks of license information 30 
include respective items of said identifying in- 
formation allocated to the physical elements 
(220, 230, 240); 

performing multiple encryption for the license 
information by setting a logical product of the 35 
identifying information included in the blocks of 
license information; and 
allowing access to the content (241 , 441, 541) 
only when the decrypted license information 
satisfies the logical product. 40 

A computer program comprising computer program 
code means which when run on a general-purpose 
computer, carries out the method of claim 2. 



45 



A computer-readable recording medium on which 
is recorded the computer program of claim 3. 



so 



55 
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